Shopping Cart?
Hey there,
What is the best way to record information in a customer's shopping cart?
Cookies and MySQL Database would be the best do you think?
Thanks for your input.
again it depends on what you want to do.
If a user closes the browser do you want to keep the cart alive?
Allow them to return to the cart later if they don't purchase right away?
I have seen systems work both ways or have a combination of sessions/cookies or db's
If you don't care about keeping the cart alive then sessions/cookies will work fine as long as you record the order in a db once they want to purchase.
If you want to keep the cart between sessions then recording everything in a db as they add and delete items or update quantities is the best way to go IMHO.
Never store CC details as that just poses all sorts of security issues that very few people want to deal with and I personally would never use a site if I knew that they were storing my CC details.
- John Cartwright
- Site Admin
imho: in my humble opinion
imnsho : in my not so humble opinion
OR google "internet jargon imho" (2nd hit)
http://www.fone.net/support/genhelp/jargon.html
Oh and while I think of it:
If the shopping cart has, let's say for example, 100 items in it, how would I confirm to the MySQL DB that they have paid?
After paying, should I just redirect them to one of my pages, and use the cookie to identify the customer, and to say to the database that they have paid?
What is a secure way to do this because there can be 1 to 10,000 products in the shopping cart?
personally I wouldn't redirect and then tell the db that they have paid. I would do it in the same script that finds out firsthand if they paid or not.
reason is, if not done carefully, you might leave a hole open where people could fake having paid, or paid, but it doesn't get recorded, and both are very bad.
but you could redirect them to a thank you page, where a cookie identifies them, and then php finds their record based on that cookie and then says thank you etc... I just wouldn't have the thank you page be the one to actually modify the db.
as far as how to do things, I'd recommend you look at the source of some working shopping cart scripts.
a long time ago I took a look at this one, I found it pretty helpful
http://mymarket.sourceforge.net/
That script you gave stored the CC in the DB... I'm not doing that so it doesn't really help...
Would this be secure:
Customer clicks order and confirms everything.
The browser sends them to the remote payment processor for them to fill out the form.
The processor sends them to the page that says they have paid in the MySQL DB (eg: mydomain.com/paid.php)
And then paid.php uses header("location: thanks.php") to send them to the thank you page...
What do you think?
I just found what I'm looking for.
My payment processor has an XML payment gateway... So the customer doesn't even leave the site to pay, it uses XML to send the data to my payment processor allowing me to add paid to the MySQL DB. All I need is an SSL certificate.
Thanks for your help anyway guys.
If anyone does know what to do about recording payments when the customers have to go to the payment processor's website to enter their CC details, I'm sure it would help others.
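One way to record a payment when the customer pays on the processor's site, as an added example that is not from the thread: the order is marked paid only by a server-side handler that verifies a signed notification, never by the browser arriving at paid.php. The HMAC-signed JSON notification, the shared secret, the field names and the in-memory `$orders` array (standing in for the MySQL table) are assumptions; a real processor documents its own verification scheme.

```php
<?php
// Added example, not from the thread. Assumption: the processor POSTs a JSON
// notification server-to-server and signs the raw body with HMAC-SHA256.
const SHARED_SECRET = 'constructed-demo-secret'; // hypothetical shared key

// Stand-in for the MySQL orders table; totals were computed by the server.
$orders = [1001 => ['total_cents' => 4999, 'currency' => 'USD',
                    'status' => 'pending', 'txn' => null]];

function record_payment(array &$orders, string $rawBody, string $sigHex): string
{
    // 1. Authenticate the raw bytes first; hash_equals compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $rawBody, SHARED_SECRET), $sigHex)) {
        return 'rejected: bad signature';
    }
    $msg = json_decode($rawBody, true);
    if (!is_array($msg)
        || !isset($msg['order_id'], $msg['amount_cents'], $msg['currency'], $msg['txn_id'])) {
        return 'rejected: malformed';
    }
    $id = (int) $msg['order_id'];
    if (!isset($orders[$id])) {
        return 'rejected: unknown order';
    }
    $order = &$orders[$id];
    // 2. A repeated notification must not change state a second time.
    if ($order['status'] === 'paid') {
        return $order['txn'] === $msg['txn_id'] ? 'ok: already recorded'
                                                : 'rejected: order already paid';
    }
    // 3. Compare with the total stored server-side, never a client-sent value.
    if ($msg['amount_cents'] !== $order['total_cents']
        || $msg['currency'] !== $order['currency']) {
        return 'rejected: amount mismatch';
    }
    $order['status'] = 'paid';
    $order['txn'] = $msg['txn_id'];
    return 'ok: recorded';
}

// Constructed notifications: a genuine one, a replay, a forged signature and a
// body altered after signing.
$body = json_encode(['order_id' => 1001, 'amount_cents' => 4999,
                     'currency' => 'USD', 'txn_id' => 'TXN-DEMO-1']);
$sig = hash_hmac('sha256', $body, SHARED_SECRET);
foreach ([[$body, $sig], [$body, $sig], [$body, str_repeat('0', 64)],
          [str_replace('4999', '1', $body), $sig]] as [$b, $s]) {
    echo record_payment($orders, $b, $s), PHP_EOL;
}
```

The thank-you page then only reads the order's status to decide what to display; it never writes it.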